ANU says 'sophisticated operator' stole data in new cyber breach

Up to 200,000 students and staff of the Australian National University have had personal data stolen in a "sophisticated" cyber attack that echoes a similar breach last year attributed to the Chinese government.

The university has admitted the hackers stole data stretching back 19 years that included bank details, passport information and academic records of current and former students and staff.

Vice-Chancellor Brian Schmidt said the university was working with government security agencies and industry partners to investigate the breach, which was detected two weeks ago.Credit:Karleen Minney

Vice-chancellor Brian Schmidt said the university was working with government security agencies to investigate the breach, which occurred in late 2018 and was detected two weeks ago.

"We believe there was unauthorised access to significant amounts of personal staff, student and visitor data extending back 19 years," Professor Schmidt said in a letter to students and staff.

Advertisement

"Depending on the information you have provided to the university, this may include names, addresses, dates of birth, phone numbers, personal email addresses and emergency contact details, tax file numbers, payroll information, bank account details, and passport details. Student academic records were also accessed."

Loading

Professor Schmidt said there was "no evidence" research work had been affected.

A university spokesman estimated the number of people affected was 200,000, based on annual student numbers and staff turnover.

Authorities said it was too early to say who was behind the attack, nor whether it was linked to a separate breach of the university's systems more than a year ago, which national security sources said was the work of the Chinese government.

Education Minister Dan Tehan said he would invite the nation's vice-chancellors to a briefing from experts from the government's Australian Cyber Security Centre to ensure they were up-to-date on cyber security.

Loading

"Universities have a responsibility to protect the information they hold about individuals and the research they are conducting," he said.

ANU is regarded as an attractive target because of its close association with the Australian government. Many students go on to work in the federal government, and many government officials, including military personnel, undertake mid-career education at the university.

ANU has high-powered schools such as the National Security College, the Crawford School of Public Policy and the Strategic and Defence Studies Centre.

Informed sources said that by stealing data on staff and students, the hackers could develop a long-term picture on students and staff who go on to hold critical positions in the Canberra bureaucracy.

A spokesman for the electronic spy agency, the Australian Signals Directorate, confirmed the agency was working to "secure the networks, protect users and investigate the full extent of the compromise".

He declined to say who might be behind the attack, stressing that "proper and accurate attribution of a cyber incident takes time".

Stephen Wilson, an information security analyst at Constellation Research, questioned why the ANU was keeping so many years' worth of data in systems that were connected to the internet.

"Assuming that some of the 19-year-old data is for long-gone ANU students and staff, why does anyone at the university need ready online access to such old data?" he said.

"This sort of data should really be taken offline and stored on a tape when it's no longer needed so readily."